Another option that you can use with social engineering is going to use technology in order to exploit other people. When they are online, it is common to see that people will be pretty native. They will do a lot of things and trust a lot of people that they would never do in a regular situation in real life. With a phishing attack, you are going to send out an email to the user, but these will look like they
come from a source that is trusted.
The point here is to get the user to share information that is personal, either by asking them to send the information or by getting them to click on the links. The user will think that the email looks real, but since you spoofed the IP address, it is just going to look real. You can do this as a company, a relative, a friend, or anyone that you would like to get the information that you want.